Using Hardware Wallets in the Openos CLI
Signing a transaction requires a private key, but storing a private key on your personal computer or phone leaves it subject to theft. Adding a password to your key adds security, but many people prefer to take it a step further and move their private keys to a separate physical device called a hardware wallet. A hardware wallet is a small handheld device that stores private keys and provides some interface for signing transactions.
The Openos CLI has first class support for hardware wallets. Anywhere
you use a keypair filepath (denoted as <KEYPAIR>
in usage docs), you
can pass a keypair URL that uniquely identifies a keypair in a
hardware wallet.
Supported Hardware Wallets
The Openos CLI supports the following hardware wallets:
Specify a Keypair URL
Openos defines a keypair URL format to uniquely locate any Openos keypair on a hardware wallet connected to your computer.
The keypair URL has the following form, where square brackets denote optional fields:
usb://<MANUFACTURER>[/<WALLET_ID>][?key=<DERIVATION_PATH>]
WALLET_ID
is a globally unique key used to disambiguate multiple devices.
DERVIATION_PATH
is used to navigate to Openos keys within your hardware wallet.
The path has the form <ACCOUNT>[/<CHANGE>]
, where each ACCOUNT
and CHANGE
are nonnegative integers.
For example, a fully qualified URL for a Ledger device might be:
usb://ledger/BsNsvfXqQTtJnagwFWdBS7FBXgnsK8VZ5CmuznN85swK?key=0/0
All derivation paths implicitly include the prefix 44'/501'
, which indicates
the path follows the BIP44 specifications
and that any derived keys are Openos keys (Coin type 501). The single quote
indicates a "hardened" derivation. Because Openos uses Ed25519 keypairs, all
derivations are hardened and therefore adding the quote is optional and
unnecessary.